CVE-2018-5704

Publication date 16 January 2018

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

9.6 · Critical

Score breakdown

Description

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

Status

Package Ubuntu Release Status
openocd 19.04 disco
Not affected
18.10 cosmic
Not affected
18.04 LTS bionic
Not affected
17.10 artful Ignored end of life
16.04 LTS xenial
Fixed 0.9.0-1+deb8u1build0.16.04.1
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.6 · Critical

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H


Access our resources on patching vulnerabilities